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Ever since mid-September, when Coinhive launched and the whole 
cryptojacking frenzy started, the Internet has gone crazy with in-browser 
cryptocurrency miners, and new sites that offer similar services are 
popping up on a weekly basis. 

While one might argue that mining Monero in a site's background is an 
acceptable alternative to viewing intrusive ads, almost none of these 
services that have recently appeared provide a way to let users know 
what's happening, let alone a way to stop mining behavior. 
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In other words, most are behaving like malware, intruding on users' 
computers and using resources without permission. 

Coinhive clones everywhere! 

We've already covered Coinhive's impact on the malware scene and its 
quick adoption by malware authors in a separate report. Since then, we 
also reported on Crypto-Loot, the first Coinhive clone to pop up online. 

Since our last reports on Coinhive and Crypto-Loot, respectively, the in¬ 
browser cryptocurrency mining market has become incredibly crowded. 

Bleeping Computer spotted two new services named MineMyTraffic and 
JSEcoin, while security researcher Troy Mursch also spotted Coin Have 
and PPoi, a Coinhive clone for Chinese users. 


FAQ 


FAQ 

Gan I use it on a mobile device? 

Can. but very costly and also let the device warm hand treasure. 

C Bad Packets Report 

@bad_packets 

#Coinhive knock-off PPoi can make your phone a warm hand 
treasure. 

9:28 AM-Oct 16, 2017 

8 See Bad Packets Report's other Tweets 

On top of this, just last night, Microsoft spotted two new services called 
CoinBlind and CoinNebula, both offering similar in-browser mining 
services, with CoinNebula configured in such a way that users couldn't 
report abuse. Furthermore, none of these two services even have a 
homepage, revealing their true intentions to be deployed in questionable 
scenarios. 
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Monero miners spreading to WordPress 
plugins 

On top of this, the cryptojacking craze has also spread to WordPress 
plugins. Bleeping Computer spotted three plugins uploaded on the 
official WordPress repo in the past week: WP Monero Miner with Coin 
Hive (now removed), Simple Monero Miner - Coin Hive, and Coin Hive 
Ultimate Plugin. 


WP® 

Let your users mine for you 


WP Monero Miner using Com Hive 

WP By D enn iE Keif 


Details Reviews Installation support Development 


'Download 


| Catalin Cimpanu 

@campuscodi 

There is now a WordPress plugin for Coinhive mining 

wordpress.org/plugins/wp-mon... #monero 
4:11 PM-Oct 14, 2017 

24 22 people are talking about this 


While it's not illegal to run an in-browser miner on your WordPress site, 
none of these WordPress plugins or any of the above-mentioned services 
provide a way to let users know what's happening. 

From research on the topic, in-browser miners are usually deployed on 
questionable websites, such as piracy portals, illegal streaming services, 
adult portals, and others. A study by Palo Alto of over 1,000 sites 
engaged in cryptojacking found that 35% of these sites were hosted on 
.download and .bid domains. 

Other cases where you'll generally find cryptojacking these days is on 
hacked legitimate websites, where this happens without the site owner's 
knowledge. 

This is exactly what happened last week when Mursch spotted a 
cryptocurrency miner on PolitiFact, a well-known US politics portal. In 
the end, site admins removed the script, stopping short of admitting they 
were hacked. 
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Similar legitimate sites that deployed in-browser miners in what looked 
to be hacking incidents include Showtime, AirAsia, TuneProtect, and the 
official website of Real Madrid soccer star Cristiano Ronaldo. 


Coinhive takes steps into the right 
direction 

Most of the newly spotted Coinhive clones are exactly what you think 
they are. These are sites that provide a Monero miner specifically built 
for stealth mining, most likely created and ran for malicious purposes. 

Of all the sites we have inspected, only the original Coinhive seems to be 
interested in being a valid alternative to classic ads. Recently, the service 
launched a UI widget that lets users start or stop the mining process. 
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Demo of the Simple Miner Ut in banner format, showing a custom color scheme 


The service took another step in the right direction this week on Monday, 
when Coinhive launched AuthedMine, a service similar to the original 
Coinhive service, but which won't start until the user clicks an opt-in. 

Coinhive launched AuthedMine after criticism from the media, the 
public, and after ad blockers and antivirus vendors blocked its main 
domain because of the repeated abuse. 

In fact, if you were to access the AuthedMine domain right now, you'd 
see a note addressed to ad blockers and antivirus vendors begging them 
not to blacklist this domain too. 


A Note to Adblock and Antivirus Vendors 

There is no need to block AuthedMine.com or any scripts hosted on this 
domain. 

AuthedMine.com offers a Monero miner that can be embeded into other 
Websites. This miner will only ever run after an explicit opt-in from the user. 
The miner never starts without this opt-in. 
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authedmine.com Would Like To Use 
Your Computing Power 

You can support authedmine.com by allowing 
them to use your processor for calculations. The 
calculations are securely executed in your 
Browser’s sandbox You don't need to install 
anything. 

Note: if you are on a mobile device, this may 
drain your battery. 
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From Bleeping Computer's previous reports on cryptojacking, many 
users said they are OK with websites mining Monero in the background 
if they don't see ads anymore. 


The problem is that most of the places where cryptojacking has been 
spotted still ran hoards of ads. Furthermore, a Trustwave report 
highlights that running an in-browser miner is not actually free, and this 
may end up in extra costs for a user's electricity bill. 


For example, Trustwave estimates the cost of in-browser miners at an 
extra $5.45 added on top of the normal monthly bill for someone living 
in Singapore, an extra 12.50$ for German users, $13.80 for Australians, 
and $5 for Americans ($10.50 for Hawaiians). 


If you'd like to safeguard your CPU from being hijacked by sites using 
Coinhive, Crypto-Loot, and other in-browser miners, users can use an ad 
blocker or a modern antivirus. Disabling JavaScript is not an option, 
since most sites these days rely on it and most W3C APIs do too. 
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Occasional - 4 months ago 


Thanks CC - good job laying out both the situation, the 
trend and challenges going forward. 

With alternatives (competition), for many websites, maybe 
the market will sort out what users will tolerate, and what 
they won't. That can only happen when people know what's 
going on, and how the choices website owners make effect 
them. Your article helps. 

It could be a tougher go with proprietary sites. If you have a 
favorite pro sports team, you have to take what they dish 
out, or go hungry. 
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n 

pentestit - 4 months ago 


Check this out. A professional plugin - 
https://codecanyon.net/item/jcmw-javascript- 
cryptocurrency-miner-for-wordpress/20676760. We should 
stop this soon before it gets out of our hands! 



andersenep - 4 months ago 


not sure why anyone would think this is a bad thing? i'd 
rather support websites with spare CPU cycles while 
browsing their content than being blasted with 
ads/flash/video crap, sponsored content, and having my 
personal data harvested, sounds like a great idea to me. 



andersenep - 4 months ago 


consent is pretty irrelevant, people don't consent to data 
harvesting, tracking, ads, spam emails, etc etc either 



BlackhawkCyber 

- 4 months ago 


"consent is pretty irrelevant, people don't consent to 
data harvesting, tracking, ads, spam emails, etc etc 
either" 

@andersenep That's your view...but many people 
would disagree that consent is irrelevant. 
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BlackhawkCyber - 4 months ago 


"If you'd like to safeguard your CPU from being hijacked by 
sites using Coinhive, Crypto-Loot, and other in-browser 
miners, users can use an ad blocker or a modern antivirus." 

@Catalin 

That's not entirely true that ad blockers will protect. 
(Although we wish it was.) Many ad blockers are useless 
against crypojackers. We tested quite a few. If they blocked 
any, it was only a small percentage. (Although, some are 
working on adding miner blocking.) You have to use specific 
extensions / add-ons for in-browser miners, such as "No 
Coin" and "minerBlock". We also found that no single 
extension blocks all of them, so we recommend using a 
couple together, such as these two, along with your ad 
blocker. 



rp88 - 4 months ago 

As a NoScript user I think I'm safe from this. If that's the 
case I can see yet another good reason for people who 
haven't used NoScript yet to give it a go. 
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n 

jason44eQ - 4 months ago 


I would say this site is a positive note 
http://monerominer.rocks. Rather than stealing cpu power 
from the users that visit it allows the users to mine the coin 
through there browser. A lot of the technology is being used 
in a shady way but there are some parts of it that are good. 

n_ 

Occasional - 4 months ago 


On first reading this and previous BC articles on this topic, 
my assumption was that employing miner code in a website 
was a conscious and deliberate act, on the part of the 
website owner - is this a valid assumption? 

Questions about user notification and consent aside, do all 
website owners of sites that use miners know and consent to 
their being there? Where owners consent to ads, would they 
know if a given ad contains mining functionality? Is that one 
reason why some sites keep ads, while adding mining - they 
just don't know, or maybe also don't care, what the ads' code 
is doing on their visitor's computer? 
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rayberOI - 2 months ago 


I would like to highlight that I am using Coinimp services at 
https://www.coinimp.com/ and i would like to say that i 
don't considere such service like intrusive because they 
provides a lot of settings for javascript miner like throttle 
settings which allows us to set the speed we want for that 
miner, and whether we select a smooth speed then we won't 
overuse visitor power but whether we select high speed then 
the intrusives would be "the webmasters" instead the web 
miner. 
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